We are anonymous, we are legion

350% surge in Cyber crimes in last 3 years

praskrishna — 2015-02-07T16:13:59Z

India’s registered cyber crimes leapt 350% in three years but the legal system is struggling to cope with more and more lawbreakers exploiting the anonymity of the internet.

The article was published in the Hindustan Times on January 20, 2015. Sunil Abraham was quoted.

National Crime Records Bureau statistics show number of recorded cases of cyber crime jumped to 4,356 from 966 in the three years up to 2013, with India being more susceptible to digital attacks because of the increasing number of net users in the fast-growing economy.

“Illegal gains” and “harassment” are the top cyber crime motives, the data reveal, though the majority of the crimes were registered under the “others” category — 2,144 cases in 2013. Analysts say such a high number of cases being pigeonholed in this section implies current laws and regulations aren’t detailed enough to tackle cyber crime. The challenge is daunting for India — estimated to have 302 million internet users by the end-2014 and set to have the second largest number of netizens in the world after China this year.

Data show that the age group of 18-30 accounts for the highest percentage of cyber crime with 1,638 persons arrested out of 3,301 in 2013. The surge in cyber crime may also have been brought on by inefficiencies in the legal system with activists challenging some cyber laws considered too draconian for a modern, democratic society.

Various sections of the IT Act were deeply flawed as they were “copy-paste jobs” from British and American laws, said Sunil Abraham, founder-director of Bengaluru-based Centre for Internet & Society. To prevent such abuses, the Supreme Court ruled in 2013 that arrests could only be made after clearance from an inspector general of police in a city and a superintendent of police in a district.

(Devanik Saha is Data Editor at The Political Indian; Indiaspend.org is a data-driven, public-interest journalism non-profit)

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-january-20-2015-devanik-saha-indiaspend-350-per-cent-surge-in-cyber-crimes-in-last-3-years

“The Internet and Controls: A Disturbing Scenario”

praskrishna — 2014-03-05T12:09:11Z

Prof. Mohan SundaraRajan, a renowned science writer will give a talk at the Bangalore International Centre in TERI on March 7, 2014 at 6.30 p.m. Sunil Abraham will chair and moderate the session.

See the invite below. Event details are also posted on the website of Citizen Matters.

For more details visit https://cis-india.org/news/the-internet-and-controls-a-disturbing-scenario

“Politics by other means”: Fostering positive contestation and charting ‘red lines’ through global governance in cyberspace

basu — 2019-10-21T15:40:38Z

The past year has been a busy one for the fermentation of global governance efforts in cyberspace with multiple actors-states, industry, and civil society spearheading a variety of initiatives. Given the multiplicity of actors, ideologies, and vested interests at play in this ecosystem, any governance initiative will be, by default, political, and desirably so.

Arindrajit Basu's essay for this year's Digital Debates: The CyFy Journal was published jointly by Global Policy and ORF. It was written in response to a framing essay by Dennis Broeders under the governance theme. The article was edited by Gurshabad Grover. Arindrajit also acknowledges the contributions of the editorial team at ORF: Trisha, Akhil and Meher.

There is no silver bullet that will magically result in universally acknowledged rules of the road. Instead, through consistent probing and prodding, the global community must create inclusive processes to galvanize consensus to ensure that individuals across the world can repose trust and confidence in their use of global digital infrastructure.^[2] This includes both ‘red lines’ applicable to clearly prohibited acts of cyberspace and softer norms for responsible state behaviour in cyberspace, that arise from an application of the tenets of International Law to cyberspace.

Infrastructure is political

Networked infrastructures typically originate when a series of technological systems with varying technical standards converge, or when a technological system achieves dominance over other self-contained technologies.^[3] Through this process of convergence, networked infrastructures must adapt to a variety of differing political conditions, legal regulations and governance practices.^[4] Internet infrastructure was never self-contained technology, but an amalgamation of systems, protocols, standards and hardware along with the standards bodies, private actors and states that define it.^[5] The architecture has always been deeply socio-technical^[6] and any attempt to severe the technology from the politics of internet governance would be a fool’s errand.

Politics catalyzed the development of the technological infrastructure that lead to the creation of the internet. During the heyday of nuclear brinkmanship between the USA and USSR, Paul Baran, an engineer with the US Department of Defense think tank RAND Corporation was tasked with building a means of communication that could continue running even if some parts were to be knocked out by a nuclear war.^[7]

As Baran’s ‘Bomb proof network’ morphed into the US Department of Defense funded ARPANET, it was initially apparent that it was not meant for either mass or commercial use, but instead saw its nurturing in the US as a tool of strategic defense.^[8]

This enabled the US to retain a disproportionate -- and till the 1990s, relatively uncontested -- influence on internet governance. As the internet rapidly expanded across the globe, various actors found that single state control over an invaluable global resource was unjust.^[9] Others (9which included US Senator Ted Cruz), argued that the internet would be safer in the hands of the United States than an international forum whose processes could be reduced to stalemate as a result of politicized conflict between democratic and non-democratic states who seek to use online spaces as an instrument of suppression.^[10] The ICANN and IANA transitions were therefore not rooted in technical considerations but much-needed geopolitical pressure from states and actors who felt ‘disregarded’^[11] in the governance of the internet. An inclusive multi-stakeholder process fueled by inclusive geopolitical contestation is far more effective in the long run and has the potential of respecting the rights of ‘disregarded’ communities all across the globe far more than a unilateral process that ignores any voices of opposition.

It is now clear that despite its continued outsized influence, the United States is no longer the only major state player in global cyber governance. China has propelled itself as a major political and economic challenger to the United States across several regimes^[12], including in the cyber domain. China’s export of the ‘information sovereignty’^[13] doctrine at various cyber norms proliferation fora, including at the United Nations-Group of Governmental Experts (GGE), and regional forums like the Shanghai Co-operation (SCO), is an example of its desire to impose its ideological clout on global conceptions of the internet.

As a rising power, China’s aspirations in global internet governance are not limited to ideology. China is at an ‘innovation imperative’, where it needs to develop new technologies to retain its status and fuel long-term growth.^[14] This locks it into direct economic, and therefore strategic competition with the United States that seeks to retain control over the same supply chains and continues to assert its economic and military superiority.

China has dominated the 5G space in an unprecedented way, and has been a product of a concerted ‘whole of government’ effort.^[15] Beijing charted out an industrial policy that enabled the deployment of 5G networks as a key national priority.^[16] China has also successfully weaponized global technical standard-setting efforts to promote its geo-economic interests.^[17] Reeling from the failure of its domestic 3G standard that was ignored globally, China realised the importance of the ‘first-movers’ advantage’ in setting standards for companies and businesses.^[18] Through an aggressive strategic push at a number of international bodies such as the International Telecommunications Union, China’s diplomatic pivot has allowed it to push standards established domestically with little external input, thereby giving Chinese companies the upper hand globally.^[19]

Politics continues to frame the technical solutions that enable cybersecurity.19 Following Snowden’s revelations, some stakeholders in the global community have shaped their politics to frame the problem as one of protecting individuals’ data from governments and private companies looking to extract and exploit it. The technical solutions developed in this frame are encryption standards and privacy enhancing technologies. However, intelligence agencies continue to frame the problem differently: they see it as an issue of collecting and aggregating data in order to identify malicious actors and threat vectors. The technical solutions they devise are increased surveillance and data analysis -- problems the first framing intended to solve. The techno-political gap, both in academic scholarship and global norms proliferation efforts continues to jeopardize attempts at framing cybersecurity governance.^[20] Instead of artificially depoliticizing technology, it is imperative that we ferment political contestation in a manner that holistically promulgates the perception that internet infrastructure can be trusted and utilised by individuals and communities around the world.

Fostering ‘red lines’ and diffusing ‘unpeace’ in cyberspace

‘Unpeace’ in cyberspace continues to ferment through ‘below the threshold’ operations that do not amount to the ‘use of force’ as per Article 2(4), or an ‘armed attack’ triggering the right of self-defense under Article 51 of the United Nations Charter. This makes the application of jus ad bellum (‘right to war’) inapplicable to most cyber operations.^[21] However, the application of ‘jus in bello’ (law that governs the way in which warfare is conducted) or International Humanitarian Law (IHL) does not require armed force to be of a specific intensity but seeks to protect civilians and prevent unnecessary suffering. Therefore the principles of IHL that have evolved in The Geneva Conventions should be used as red lines that limit collateral damage as a result of cyber operations.^[22] No state should conduct cyber operations that intend to harm civilians, and should us all means at its disposal to avoid this harm to civilians. It should act in line with the principles of necessity^[23] and proportionality.^[24]

Cultivating ‘red lines’ is easier said than done. The debate around the applicability of IHL to cyberspace was one of the reasons for the breakdown of the fifth UN-GGE in 2017.^[25] States have also been reluctant to state their positions on the rules developed by the International Group of Experts (IGE) in the Tallinn Manual.^[26] This is due to two main reasons. First, not endorsing the rules may allow them to retain operational advantages in cyberspace where they continue engaging in cyber operations without censure. Second, even those states who wish to apply and adhere to the rules hesitate to do so in the absence of effective processes that censure states that do not comply with the rules.

Both these issues stem from the difficulties in attributing a cyber attack to a state as cyber attacks are multi-stage, multi-step and multi-jurisdictional, which makes the attacker several degrees removed from the victim.^[27] Technical challenges to attribution, however should not take away from international efforts that adopt an integrated and multi-disciplinary approach to attribution which must be seen as a political process working in conjunction with robust technical efforts.^[28] The Cyber Peace Institute, which was set up earlier in September 2019, and adopts an ecosystem approach to studying cyber attacks, thereby improving global attribution standards may institutionally serve this function.^[29] As attribution processes become clearer and hold greater political weight, an increasing number of states are likely to show their cards and abandon their policy of silence and ambiguity -- a process that has already commenced with a handful of states releasing clear statements on the applicability of international law in cyberspace.^[30]

Below the threshold operations are likely to continue. However, the process of contestation should result in the international community drawing out norms that ensure that public trust and confidence in the security of global digital infrastructure is not eroded. This would include norms such as protecting electoral infrastructure or a prohibition on coercing private corporations to aid intelligence agencies in extraterritorial surveillance29 The development of these norms will take time and repeated prodding. However, given the entangled and interdependent nature of the global digital economy, protracted effort may result in universal consensus in some time.

The Future of Cyber Diplomacy

The recently rejuvenated UN driven norms formulation processes are examples of this protracted effort. Both the Group of Governmental Experts (GGE) and Open-Ended Working Group (OEWG) processes are pushing states towards publicly declaring their positions on multiple questions of cyber governance, which will only further certainty and predictability in this space. The GGE requires all member states to clearly chart out their position on the applicability of various questions of International Law, which will be included as an Annex to the final report and is definitely a step in the right direction.

There are multiple lessons from parliamentary diplomacy culminating in past global governance regimes that negotiators in these processes can borrow from.^[31] As in the past, the tenets of international law can influence collective expectations and serve as a facilitative mechanism for chalking out bargaining points, and driving the negotiations within an inclusive, efficient and understandable framework.^[32]

Both processes will be politicized as before with states seeking to use these as fora for furthering national interests. However, this is not necessarily a bad thing. Protracted contestation is preferable to unilateralism where a select group of states decides the future of cyber governance. The inclusive, public format of the OEWG running in parallel to the closed-door deliberations at the GGE enables concerted dialogue to continue. Most countries had voted for the resolutions setting up both these processes and while the end-game is unknown, it appears that states remain interested in cultivating cyber norms.

Of course, the USA and its NATO allies had voted against the resolution setting up the OEWG and Russia, China and the SCO allies had voted against the resolution resurrecting the GGE. However, given the economic interests of all states in a relatively stable cyberspace, it is clear that both these blocks desire global consensus on some rules of the road for responsible behaviour in cyberspace. This means that both processes may arrive at certain similar outcomes. These outcomes might over time evolve into norms or even crystallise into rules of customary international law if they are representative of the interests of a large number of states.

However, sole reliance on state-centric mechanisms to achieve a stable governance regime may be misplaced. As seen with Dupont’s contribution to the Montreal Protocol that banned the global use of Chloro-Fluoro-Carbons (CFCs)^[33] or the International Committee of the Red Cross’s concerted efforts in rallying states to sign the Additional Protocols to the Geneva Conventions^[34], norm-entrepreneurship and the mantle of leadership in norm-entrepreneurship need not be limited to state actors. Non-state actors often have the gifts of flexibility and strategic neutrality that make them a better fit for this role than states. Microsoft’s leadership and its ascent to this leadership mantle in the cyber governance space must therefore be taken heed off. The key role it played in charting out the CyberSecurity Tech Accords, Paris Call for Trust and Security in Cyberspace and its most recent initiative, the Cyber Peace Institute, must be commended. However, the success of its entrepreneurship relies on how well it can work both with multilateral mechanisms under the aegis of the United Nations and multi-stakeholder fora such as the Global Commission on Stability in Cyberspace. This will lead to a cohesive set of rules that adequately govern the conduct of both state and non-state actors in cyberspace.

It is unfortunate, however, that most governance efforts in cyberspace are driven by the United States or China or their allies. For example, only UK^[35], France^[36], Germany,^[37] Estonia^[38],Cuba^[39] (backed by China and Russia), and the USA^[40] have all engaged in public posturing advocating their ideological position on the applicability of International Law in cyberspace in varying degrees of detail with other countries largely remaining silent. Other emerging economies need to get into the game to make the process more representative and equitable.

More recently, India has begun to take a leadership role in the global debate on cross-border data transfers, spurred largely by their domestic political and policy ecosystem championing ‘digital nationalism.’ At the G20 summit in Osaka in July this year, India, alongside the BRICS grouping emphasized the development dimensions of data for emerging economies and pushed the notion of ‘data sovereignty’-broadly understood as the sovereign right of nations to govern data within their territories/jurisdiction in the national interest and for the welfare of its people.^[41] Resisting calls from Western allies including the United States to get on board Japan’s initiative promoting the free flow of data across borders, Vijay Gokhale also mentioned that discussions on data flows must not take place at plurilateral forums outside the World Trade Organization as this would prevent inclusive discussions.^[42]This form of posturing should be sustained by emerging economies like India and extended to the security domain as well through which the hegemony that a few powerful actors retain over the contours of cyber governance can be reduced.

To paraphrase Clausewitz, technological governance is the conduct of politics by other means. Internet infrastructure has become so deeply intertwined with the political ethos of most countries that it has become the latest front for geopolitical contestation among state and non-state actors alike. Politicizing cyber governance prevents a deracinated approach to the process that ignores simmering inequalities, power asymmetries and tensions that a limited technical lens prevents us from viewing.

The question is, not if but how cyber governance will be politicized. Will it be a politics of inclusion that protects the rights of the disregarded and adequately represents their voices in line with the requirements of International Law, or will it be a politics of convenience through which states and non-state actors utilise cyber governance for reaping strategic dividends? The global cyber policy ecosystem must continue the battle to ensure that the former remains essential.

Endnotes

^[1] Arindrajit Basu and Elonnai Hickok (2018) “Cyberspace and External Affairs: A memorandum for India”, 8-13.

^[2] In its draft definition of cyber stability, The Global Commission on the Stability of Cyberspace has adopted a bottom up user centric definition of Cyber Stability where individuals can be confident in the stability of cyberspace as opposed to an objective top-down determination of cybersecurity metrics.

^[3] PN Edwards, GC Bowker Jackson SJ, R Williams 2009. Introduction: an agenda for infrastructure studies. J. Assoc. Inf. Syst.10(5):364–74

^[4] Brian Larkin, “ The Politics and Poetics of Infrastructure” Annual Rev. Anthropol 2013,42:327-43

^[5] Ibid.

^[6] Kieron O’Hara and Wendy Hall, “Four Internets: The Geopolitics of Digital Governance” CIGI Report No.208, December 2018.

^[7] Cade Metz, “Paul Baran, the link between nuclear war and the internet” Wired, 4th Sept. 2012.

^[8] Kal Raustila (2016) “Governing the Internet” American Journal of International Law 110:3,491

^[9] Samantha Bradshaw, Laura DeNardis, Fen Osler Hampson, Eric Jardine & Mark Raymond, The Emergence of Contention in Global Internet Governance 3 (Global Comm’n on Internet Governance, Paper Series No. 17, July 2015).

^[10] Klint Finley, "The Internet Finally Belongs to Everyone”, Wired, March 18th, 2016.

^[11] Richard Stewart (2014), Remedying Disregard in Global Regulatory Governance: Accountability, Participation and Responsiveness” AJIL 108:2

^[12] Tarun Chhabra, Rush Doshi, Ryan Hass and Emilie Kimball, “Global China: Domains of strategic competition and domestic drivers” Brookings Institution, September 2019.

^[13] According to this view, a state can manage and define its ‘network frontiers; through domestic legislation or state policy and patrol information at it state borders in any way it deems fit. Yuan Yi,. “网络空间的国界在哪 ” [Where Are the National Borders of cyberspace]? 学习时报.May 19, 2016.

^[14] Anthea Roberts, Henrique Choer Moraes and Victor Ferguson (2019), “Toward a Geoeconomic Order in International Trade and Investment” (May 16, 2019).

^[15] Eurasia Group (2018), “The Geopolitics of 5G”

^[16] Ibid.( In 2013, the Ministry of Industry and Information Technology (MIIT), the National Development and Reform Commission (NDRC) and the Ministry of Science and technology (MOST) established the IMT-2020 5G Promotion Group to push for a government all-industry alliance on 5G.)

^[17] Bjorn Fagersten&Tim Ruhlig (2019), "China’s standard power and it’s geopolitical implications for Europe” Swedish Institute for International Affairs.

^[18] Alan Beattie, “Technology: how the US, EU and China compete to set industry standards” Financial Times, Jul 14th, 2019

^[19] Laura Fitchner, Walter Pieters.,&Andre Herdero Texeira(2016). Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures. In Proceedings of the 2016 New Security Paradigms Workshop (36-48). New York: Association for Computing Machinery (ACM)

^[20] Michael Crosston,” Phreak the Speak: The Flawed Communications within cyber intelligentsia” in Jan-Frederik Kremer and Benedikt Muller,”Cyberspace and International Relations: Theory, Prospects and Challenges (2013, Springer) 253.

^[21] “Fundamental Principles of International Humanitarian Law".

^[22] Veronique Christory “Cyber warfare: IHL provides an additional layer of protection” 10 Sept. 2019.

^[23] See (The “principle of military necessity” permits measures which are actually necessary to accomplish a legitimate military purpose and are not otherwise prohibited by international humanitarian law. In the case of an armed conflict, the only legitimate military purpose is to weaken the military capacity of the other parties to the conflict.

^[24] See Proportionality; The principle of proportionality prohibits attacks against military objectives which are “expected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated”

^[25] Declaration by Miguel Rodriguez, Representative of Cuba, At the final session of group of governmental experts on developments in the field of information and telecommunications in the context of international security (June 23 2017).

^[26] Dan Efrony and Yuval Shany (2018), “ A Rule Book on the Shelf? Tallinn Manual 2.0 on Cyberoperations and Subsequent State Practice” AJIL 112:4

^[27] David Clark and Susan Landau. “Untangling Attribution.” Harvard National Security Journal (Harvard University) 2 (2011

^[28] Davis, John S., Benjamin Adam Boudreaux, Jonathan William Welburn, Jair Aguirre, Cordaye Ogletree, Geoffrey McGovern and Michael S. Chase. Stateless Attribution: Toward International Accountability in Cyberspace. Santa Monica, CA: RAND Corporation, (2017). At

^[29] See “CyberPeace Institute to Support Victims Harmed by Escalating Conflicts in Cyberspace”.

^[30] Dan Efrony and Yuval Shany (2018), “ A Rule Book on the Shelf? Tallinn Manual 2.0 on Cyberoperations and Subsequent State Practice” AJIL 112:4

^[31] Arindrajit Basu and Elonnai Hickok (2018), “Conceptualizing an International Security architecture for cyberspace”.

^[32] Monica Hakimi (2017), “The Work of International Law,” Harvard International Law Journal 58:1.

^[33] James Maxwell and Forrest Briscoe (2007),” There’s money in the air: The CFC Ban and Dupont’s Regulatory Strategy” Business Strategy and the Environment 6, 276-286.

^[34] Francis Buignon (2004). “The International Committee of the Red Cross and the development of international humanitarian law.” Chi. J. Int’l L.5: 19137

^[35] Jeremy Wright, “Cyber and International Law in the 21st Century” Govt. UK.

^[36] Michael Schmitt, “France’s Major Statement on International Law and Cyber: An Assessment” Just Security, September 16th, 2019.

^[37] Nele Achten, "Germany’s Position on International Law in Cyberspace”, Lawfare, Oct 2, 2018,

^[38] Michael Schmitt, “Estonia Speaks out on Key Rules for Cyberspace” Just Security, June 10, 2019.

^[39] https://www.justsecurity.org/wp-content/uploads/2017/06/Cuban-Expert-Declaration.pdf

^[40] https://www.justsecurity.org/wp-content/uploads/2016/11/Brian-J.-Egan-International-Law-and-Stabilityin-Cyberspace-Berkeley-Nov-2016.pdf

^[41] Justin Sherman and Arindrajit Basu, "Fostering Strategic Convergence in US-India Tech Relations: 5G and Beyond”, The Diplomat, July 03, 2019.

^[42] Aditi Agrawal, "India and Tech Policy at the G20 Summit”, Medianama, Jul 1, 2019.

For more details visit https://cis-india.org/internet-governance/blog/arindrajit-basu-orfonline-october-21-2019-politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace

135 million aadhaar details, 100 million bank accounts "leaked" from government websites: Researchers

praskrishna — 2017-05-20T06:19:12Z

This was published by Counterview on May 5, 2017.

A top study by the Centre for Internet and Society (CIS) has estimated that “estimated number of aadhaar numbers leaked” through top portals which handle aadhaar “could be around 130-135 million”. Worse, it says, the number of bank accounts numbers leaked would be “around 100 million”.

The study, carried out by researchers Amber Sinha and Srinivas Kodali, adds, “While these numbers are only from two major government programmes of pensions and rural employment schemes, other major schemes, who have also used aadhaar for direct bank transfer (DBT) could have leaked personally identifiable information (PII) similarly due to lack of information security practices.”

Pointing out that “over 23 crore beneficiaries have been brought under aadhaar programme for DBT”, the study, titled “Information Security Practices of Aadhaar (Or Lack Thereof)”, says, “Government schemes dashboard and portals demonstrate … dangers of ill-conceived data driven policies and transparency measures without proper consideration to data security measures.”

Claiming to have a closer look at the databases publicly available portals, the researchers identify four of them a pool of other government websites for examination:

A welfare programme by the Ministry of Rural Development, the National Social Assistance Programme (NSAP) portal, even as seeking to provide public assistance to its citizens in case of unemployment, old age, sickness and disablement, offers information about “job card number, bank account number, name, aadhaar number, account frozen status”, the researchers say.

Pointing out that “one of the url query parameters of website showing the masked personal details was modified from nologin to login”, they say, the “control access to login based pages were allowed providing unmasked details without the need for a password.”

In fact, they say, the Data Download Option feature “allows download of beneficiary details mentioned above such as Beneficiary No, Name, Father’s/Husband’s Name, Age, Gender, Bank or Post Office Account No for beneficiaries receiving disbursement via bank transfer and Aadhaar Numbers for each area, district and state.”
They add, “The NSAP portal lists 94,32,605 banks accounts linked with aadhaar numbers, and 14,98,919 post office accounts linked with aadhaar numbers. While the portal has 1,59,42,083 aadhaar numbers in total, not all of whom are linked to bank accounts.”

Also giving the example of the national rural job guarantee scheme, popularly called NREGA, the researchers say, its portal provides DBT reports containing “various sub-sections including one called ‘Dynamic Report on Worker Account Detail’,” with details like “Job card number, aadhaar number, bank/postal account number, number of days worked”, and so on.

“As per the NREGA portal, there were 78,74,315 post office accounts of individual workers seeded with aadhaar numbers, and 8,24,22,161 bank accounts of individual workers with aadhaar numbers. The total number of Aadhaar numbers stored by portal are at 10,96,41,502”, they add.

Providig similar instances form two other sources, the researchers insist, “The availability of large datasets of aadhaar numbers along with bank account numbers, phone numbers on the internet increases the risk of financial fraud.”

Underlining that “aadhaar data makes this process much easier for fraud and increases the risk around transactions”, they say, “In the US, the ease of getting Social Security Numbers from public databases has resulted in numerous cases of identity theft. These risks increase multifold in India due the proliferation of aadhaar numbers and other related data available.”

Click to read the original published by Counterview on May 5, 2017.

For more details visit https://cis-india.org/internet-governance/news/counterview-may-5-2017-135-million-aadhaar-details-100-million

135 MEELLION Indian government payment card details leaked

praskrishna — 2017-05-20T11:51:14Z

Legislation coming to beef up Aadhaar card privacy, security.

The article by Richard Chirgwin was published in the Register on May 3, 2017.

If you're enthused about governments operating large-scale online identity projects, here's a cautionary tale: the Indian government's eight-year-old Aadhaar payment card project has leaked a stunning 130 million records.

Aadhaar's role in authenticating and authorising transactions, and as the basis of the country's UID (unique identification database) makes any breach a privacy nightmare.

India's Centre for Internet and Society (CIS) made their estimate public in a report published on Monday.

It's not that there was a breach related to Aahdaar itself: rather, other government agencies were leaking Aadhaar and related data they'd collected for their own purposes.

The research paper drilled down on four government-operated projects: Andhra Pradesh's Mahatma Gandhi National Rural Employment Scheme; the same state's workers' compensation scheme known as Chandranna Bima; the National Social Assistance Program; and an Andhra Pradesh portal of Daily “Online Payment Reports under NREGA” maintained by the National Informatics Centre.

In total, the CIS says, the portals leaked 135 million Aadhaar card records linked to around 100 million bank account numbers.

Given India's enthusiasm to try and eliminate cash, it's a big deal: the Aadhaar card funnels benefits to recipients' linked bank accounts. As the report states: “To allow banking and payments using Aadhaar, banks and government departments are seeding Aadhaar numbers along with bank account details”.

The centre says the leaks represent significant and “potentially irreversible privacy harm”, but worse they also open up a fraud-ready source of personal information.

Online databases examined by the CIS included “numerous instances” of Aadhaar Numbers, associated with personal information.

The Indian government responded through Aruna Sundararajan, secretary at the Union Electronics and Information Technology Ministry, who announced amendments to the country's IT legislation to beef up the system's privacy and security.

“Aadhaar has very strong privacy regulation built into it”, she told the Hindu, but it needs better enforcement.

Sundararajan said those issues will be addressed in the legislative amendments.

For more details visit https://cis-india.org/internet-governance/news/the-register-richard-chirgwin-may-3-2017-135-million-indian-government-payment-card-details-leaked

130 Million at Risk of Fraud After Massive Leak of Indian Biometric System Data

praskrishna — 2017-05-20T12:36:06Z

A series of potentially calamitous leaks in India leave as many as 130 million people at risk of fraud or worse after caches of biometric and other personal data became accessible online.

The article by Dell Cameron was published by Gizmodo on May 3, 2017.

That’s according to a new report from the Bangalore-based Centre for Internet and Society (CIS), which details breaches at four national- and state-run databases, all of which are said to contain purportedly “uniquely-identifying” Aadhaar numbers.

Launched in 2009, the Aadhaar system is an ambitious, albeit flawed program aimed at assigning unique identity numbers, not only to Indian citizens, but everyone who resides and works in the country. It is the largest program of its kind in the world. The 12-digit Aadhaar codes are assigned and maintained in a central database by the Unique Identification Authority of India (UIDAI) and link to biometric data of fingerprint and iris scans combined.

For security purposes, since 2002, all U.S. passports issued to international travelers at embassies and consulates around the world have contained biometric data, including a ten fingerprint scan, contained in a microchip embedded in the back cover. In 2007, the law was extended to cover U.S. citizens, and since at least 2013, so-called “e-passports” have been the standard.

With a very different intention in mind, the Aadhaar system was created to employ biometrics as a means to ensure that Indian residents have access to the social safety net, including programs for welfare, health, and education. But due to the sheer scale—again, the largest biometric project in history—the program has been fraught with controversy since day one. Since inception, more than 1.13 billion Aadhaar numbers have since been assigned, according to UIDAI data. (India has a population of roughly 1.32 billion.)

Former World Bank economist Salman Anees , a member of the Indian National Congress (INC), points to migrant laborers as an example of those the program is intended to help. The often carry no identification, he said, and therefore can rarely prove who they are when traveling from state to state. The purpose of the Aadhaar system, he said, is to provide every Indian with a “digital identity.”

“At least, that was the original idea,” adds Soz.

After the INC was battered in the 2014 general election, plans were put forth to expand the scope of the Aadhaar program, inflaming public concern over security and privacy. “Basically, you take this Aadhaar number and you start seeding different [government] databases,” Soz says. “And that, in effect, creates this huge data structure that people are very uncomfortable with.”

“In some ways,” he continued, “what you have is this amazingly modern system with huge data collection potential—and of course, many positives can come from this, but in the wrong hands it can become a huge problem for India. At the same time, your legal framework, your regulatory framework, your policies and procedures are not there. People aren’t aware of what their rights are. They have no idea what this thing can do.”

One problem, Soz says, is that Aadhaar numbers are not always checked against a cardholder’s fingerprints or iris scans in all cases, defeating its purpose entirely. When someone provides an Aadhaar number to prove their identity online or by phone, for example, their identities cannot adequately verified. In this way, Aadhaar numbers are not wholly unlike Social Security numbers in the United States. Were 130 million Social Security numbers to be leaked online, confidence in the ability to use that number to confirm an Americans’ identities would be shaken, if not destroyed.

Last month, a central government database containing thousands of Aadhaar numbers—as well as dates of birth, addresses, and tax IDs (PAN)—reportedly leaked, exposing thousands of Indian residents to potential abuse. According to The Wire, the information, which was contained in Microsoft Excel spreadsheets, could be easily located on Google.

According to CIS, roughly 130-135 million Aadhaar numbers have now been exposed in this most recent leak. With the growing use of the numbers in areas such as insurance and banking, and without proper mechanisms in place to biometrically confirm the identities of cardholders in every case, the threat of financial fraud is pervasive. “All of these leaks are symptomatic of a significant and potentially irreversible privacy harm,” the report says, noting that such incidents “create a ripe opportunity for financial fraud.”

While Aadhaar is not mandatory everywhere, CIS says, the Indian government continues collecting information about the participants under various social programs. Inevitably, that information is combined with other databases containing even more sensitive data. As that happens, there’s a heightened risk to those whose Aadhaar numbers have been compromised. How the Indian government will address its apparently inadequate security controls before fraud overwhelms the system remains unknown.

Read the full report: Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information

For more details visit https://cis-india.org/internet-governance/news/gizmodo-may-3-2017-130-million-at-risk-of-fraud-after-massive-leak-of-indian-biometric-system-data

130 Million Aadhaar Numbers Were Made Public, Says New Report

praskrishna — 2017-05-20T06:32:32Z

The research report looks at four major government portals whose poor information security practices have exposed personal data including bank account details.

The article was published in the Wire on May 1, 2017. This was also mirrored on MensXP.com on May 5, 2017.

Irresponsible information security practices by a major central government ministry and a state government may have exposed up to 135 million Aadhaar numbers, according to a new research report released on Monday.

The last two months have seen a wave of data leaks, mostly due improper information security practices, from various central government and state government departments.

This new report, released by the Centre for Internet and Society, studied four government databases. The first two belong to the rural development ministry: the National Social Assistance Programme (NSAP)’s dashboard and the National Rural Employment Guarantee Act (NREGA)’s portal.

The second two databases deal with the state of Andhra Pradesh: namely, the state government’s own NREGA portal and the online dashboard of a state government scheme called “Chandranna Bima”.

“Based on the numbers available on the websites looked at, estimated number of Aadhaar numbers leaked through these 4 portals could be around 130-135 million and the number of bank accounts numbers leaked at around 100 million from the specific portals we looked at,” the report’s authors, Amber Sinha and Srinivas Kodali, state.

The data leaks come, in part, from the government’s decision to provide online dashboards that were likely meant for general transparency and easy administration. However, as the report notes, while open data portals are a laudable goal, if there aren’t any proper safeguards, the results can be downright disastrous.

“While availability of aggregate information on the dashboard may play a role in making government functioning more transparent, the fact that granular details about individuals including sensitive PII such as Aadhaar number, caste, religion, address, photographs and financial information are only a few clicks away suggest how poorly conceived these initiatives are,” the report says.

Consider the NSAP portal for instance. The dashboard allows users to explore a list of pensioners, whose personally identifiable information include bank account number, name and Aadhaar number. While these details are “masked for public view”, the CIS report points out that if “one of the URL query parameters of the website… was modified from ‘nologin’ to ‘login'”, it became easy to gain access to the unmasked details without a password.

“It is entirely unclear to us what the the purpose behind making available a data download pption on the NSAP website is. This feature allows download of beneficiary details mentioned above such as Beneficiary No., Name, Father’s/Husband’s Name, Age, Gender, Bank or Post Office Account No. for beneficiaries receiving disbursement via bank transfer and Aadhaar Numbers for each area, district and state,” the report states.

UIDAI role?

Kodali and Sinha also prominently finger the role of the Unique Identification Authority of India (UIDAI), the government agency that manages the Aadhaar initiative, in the data leaks.

“While the UIDAI has been involved in proactively pushing for other databases to get seeded with Aadhaar numbers, they take little responsibility in ensuring the security and privacy of such data.With countless databases seeded with Aadhaar numbers, we would argue that it is extremely irresponsible on the part of the UIDAI, the sole governing body for this massive project, to turn a blind eye to the lack of standards prescribed for how other bodies shall deal with such data, such cases of massive public disclosures of this data, and the myriad ways in which it may used for mischief,” the report states.

Still public?

A crucial question that arises is whether these government databases are still leaking data. Over the last two months, some of information has been masked.

“It must be stated that since we began reviewing and documenting these portals, we have noticed that some of the pages with sensitive PII (personally identifiable information) have now been masked, presumably in response to growing reports about Aadhaar leaks,” the report notes.

For more details visit https://cis-india.org/internet-governance/news/the-wire-may-1-2015-130-million-aadhaar-numbers-were-made-public-says-new-report

66A DEAD. LONG LIVE 66A!

praskrishna — 2015-04-01T02:11:27Z

Last Tuesday, Twitter CEO Dick Costolo walked into Prime Minister Narendra Modi's office. India's most compulsive and most-followed tweeter, Modi, as Gujarat chief minister, had protested when the Manmohan Singh government blocked the micro-blogging site of a few journalists. Modi had blacked out his own Twitter profile and tweeted: “May God give good sense to everyone.”

The article by Soni Mishra was published in the Week on March 28, 2015. T. Vishnu Vardhan gave his inputs.

Today, with 11 million followers on Twitter, and 27.6 million likes on Facebook, Modi rules the virtual world and India. He received Costolo warmly and told him how Twitter could help his Clean India, girl child and yoga campaigns. Impressed, Costolo told Modi how Indian youth were innovating on Twitter.

But, the greatest and the most fundamental boost for all social media in India was being effected a few minutes drive away from the PMO. Ironically, in the Supreme Court of India, Modi's lawyers were defending a law made by the United Progressive Alliance government—section 66A of the Information Technology Act, which curbed free speech on social media.

Anything posted on the internet can go viral worldwide and reach millions in no time, argued Additional Solicitor General Tushar Mehta. While the traditional media is ruled by licences and checks, social media has nothing, he said. Finally, Mehta made an impassioned plea that the government meant well. Section 66A will be administered reasonably and will not be misused, he assured the court.

It seemed he, and the government, had forgotten an old saying: if there is a bad law, someone will use it. Luckily for India, and its liberal democracy, the judges saw a bad law and struck it down. “If section 66A is otherwise invalid, it cannot be saved by an assurance from the learned additional solicitor general,” said the bench comprising Justice Rohinton Nariman and Justice J. Chelameswar.

The fact is that 66A was knee-jerk legislation. Almost as thoughtless and compulsive as a netizen's derisive tweet. On December 22, 2008, the penultimate day of the winter session, the UPA government had got seven bills passed in seven minutes in the Lok Sabha; the opposition BJP had played along.

One of the bills was to amend the IT Act. It went to the Rajya Sabha the next day, when members were hurrying to catch their trains and flights home for the year-end vacation. They just okayed the bill and hurried home.

The argument then was that there was no need to discuss the bill as it had been examined by a standing committee of Parliament. Indeed, it had been. But, the committee, headed by Nikhil Kumar of the Congress, had met only for 23 hours and five minutes. Nine of its 31 members had not attended a single meeting. Ravi Shankar Prasad, the current Union minister for IT, was one among the 31.

Apparently, everyone wanted the bill, so did not bother to apply their minds. Only a CPI(M) member, A. Vijayaraghavan, had a few dissenting suggestions to the committee report. No one else bothered to mull over a law that was “unconstitutional, vague” and which would have a “chilling effect” on free speech.

Once the law was made, it was constable raj across India. Shaheen Dhada from Palghar simply commented on Facebook about a Shiv Sena bandh on the death of Bal Thackeray. Her friend Rinu Srinivasan liked it. The two teenagers were bundled into a police station. Rinu still remembers with a chill how “a mob of about 200 people gathered outside the police station that day.” This was when the Congress was ruling Maharashtra.

Jadavpur University professor Ambikesh Mahapatra was picked up by the police in Trinamool Congress-ruled West Bengal in April 2012, for posting a cartoon ridiculing Chief Minister Mamata Banerjee. “I was thrashed several times in police custody,” said the professor, who got relief from the West Bengal Human Rights Commission.

Vickey Khan, 22, was arrested in Rampur, UP, for a Facebook post on Samajwadi Party leader Azam Khan. Rampur is, of course, Khan's pocket borough. The Uttar Pradesh Police, controlled by the Samajwadi Party government, also arrested dalit writer Kanwal Bharti from Rampur for criticising the UP government's suspension of IAS officer Durga Shakti Nagpal in 2013.

At least 30 people in AIADMK-ruled Chennai have been booked under 66A; four of them this year. Ravi Srinivasan, general secretary of the Aam Aadmi Party in Puducherry, was picked up in October 2012 for his tweets on Karti Chidambaram, son of then Union home minister P. Chidambaram. “He was not even in India when I tweeted,” said Ravi. “He sent the complaint by fax from abroad and everything happened [fast] as Puducherry is a Union Territory and can be controlled by the home ministry.”

Whistleblower A. Shankar of Chennai was pulled up by the Madras High Court for the content on his blog, Savukku. The Orissa Police, controlled by the Biju Janata Dal (BJD) government, took Facebook to court in 2011 asking who created a Facebook page in the name of Chief Minister Naveen Patnaik. It is another thing that the page had no content.

Indeed, there had been stray political voices opposing the law. In Parliament, the CPI(M)'s P. Rajeeve, the BJD's Jay Panda and independent MP Rajeev Chandrasekhar pushed several times for scrapping 66A. Panda moved a private members bill, and Rajeeve moved a resolution. “I only wish we in Parliament had heeded the people's voice and repealed it, instead of yet again letting the judiciary do our work for us,” Panda said after the law was scrapped.

Finally, it was left to a young law student, Shreya Singhal, to move the Supreme Court on behalf of the Palghar girls. Singhal pointed out that several provisions in 66A violated fundamental rights guaranteed by article 19(1)(a)—the right to freedom of speech and expression. Several more cases followed and, finally, the court heard them together.

Indeed, Justices Nariman and Chelameswar have been extremely restrained in their comments. But, the fact that Parliament had not applied its mind comes through in the judgment.

The court “had raised serious concerns with the manner in which section 66A of the IT Act has been drafted and implemented across the country,” pointed out Supreme Court lawyer Shivshankar Panicker. Added Kiran Shanmugam, a cyber forensic expert and CEO of ECD Global Bengaluru: “The law lacked foresight in estimating the magnitude of the way the electronic media would grow.”

Apparently the government, too, knew it was defending the indefensible, and tried to win the case highlighting the benign nature of the democratic state. But, the court was not impressed. “Governments may come and governments may go, but section 66A goes on forever,” the judges noted. “An assurance from the present government, even if carried out faithfully, would not bind any successor government.”

Clearly, Mehta was defending the indefensible, a law that, the court found, would have a “chilling effect on free speech”. Moreover, as the judges found out, the new law did not provide even the safeguards that the older Criminal Procedure Code had provided. “Safeguards that are to be found in sections 95 and 96 of the CrPC are also absent when it comes to section 66A,” the judges said. For example, according to the CrPC, a book or document that contained objectionable matter could be seized by the police, but it also allowed the publisher to move court. The new law did not provide even such a cushion.

All the same, the court was careful and did not overturn the entire law. It scrapped section 66A, and section 118(D) of the Kerala Police Act, but upheld section 69A and section 79 of the IT Act, which too had been questioned by the litigants (see box on page 45).

The judgment has set the cyberworld rocking. “I am so happy now, I do not know how to express it,” said Rinu, now an audio-engineering student in Kerala. Shaheen is married and lives in Bengaluru. Vickey Khan is relieved. “Some people had told me that I could be jailed for three years,” he said. But, Azam Khan took it out on the media and said it “favours criminals”.

Karti, who claims to be a votary of free speech, however, wants “some protection” against defamation. “I filed a complaint in an existing provision of law,” he said. “If that provision is not available, then I will have to seek other provisions to safeguard my reputation.”

Mahapatra is still apprehensive. “The government will still try to harass me,” he said. “But I know that in the end I will win.” Shankar of Chennai called it “a huge relief for people like me, who are active on social media.” Ravi Srinivasan, who locked horns with Karti, said he felt “relieved and happy”.

The hard rap on the knuckles for their legislative laxity has sobered the political class. The Congress, the progenitor of 66A, admitted that the vagueness of the law was its undoing. “If in a particular area, the local constabulary took action to stifle dissent, it was never the purpose of the act,” said Congress spokesperson Abhishek Manu Singhvi. The Modi government officially welcomed the judgment, and its spokespersons are blaming the UPA for the law.

Apparently, the scrapped law was made after a series of grossly offensive posts appeared on the social media five years ago. “If such content is not blocked online, it would immediately lead to riots,” said a law ministry official, who said the posts had been shown to the court, too. He said the government would take some time to draft a new law.

But, is a new law required? Opinion is still divided. What if someone is defamed on the net? “There are defamation laws which can deal with these,” said T. Vishnuvardhan, programme director, Centre for Internet and Society, Bengaluru. “Also, the IT Act has various provisions. If somebody misuses your picture on social media, you can report it to the website immediately. The website is liable to take action on it within 36 hours.”

Smarika Kumar of Bengaluru-based Alternative Law Forum said the scrapping of 66A does not mean one can post anything online. “The Supreme Court has said that speech can be censored when it falls under the restrictions provided under article 19(2) of the Constitution,” she said. “But, if you prevent speech on any other ground, it is going to be unconstitutional.”

But, even critics of 66A think a replacement law is needed. Said Rajeev Chandrasekhar: “The government needs to act quickly and create a much more contemporaneous Act, via multi-stakeholder consultations, general consensus and collaboration, so that there is less ambiguity and freedom of expression is preserved.”

Senior Supreme Court advocate Pravin H. Parekh said, “As the cyberworld is growing day by day and there is increase in the number of social media users, we do require a proper mechanism which can regulate the expression of views on the internet.”

The government is putting forth the argument of national security. “If the security establishment says the present act is not sufficient, we will look into it. The government will consider it, but only with adequate safeguards,” said Ravi Shankar Prasad.

That will call for a legislative process undertaken in a cool and calm house, and not hurried through when the members are ready to hurry home.

Sound judgment

Thumbs down
The Supreme Court set aside section 66A of the IT act, which says any person who sends offensive, menacing or false information to cause annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, or uses email to trouble its recipient or deceive him/her about the origin of such messages, can be punished with a jail term up to three years and a fine.

The court also struck down section 118(d) of the Kerala Police Act, which says any person who makes indecent comments by calls, mails, messages or any such means causing grave violation of public order or danger can be punished with imprisonment up to three years or a fine not exceeding Rs10,000, or both.

Thumbs up
The Supreme Court upheld section 69A of the IT act, which allows the government to block the public's access to information in national interest and penalise intermediaries [telecom or internet service providers and web hosting services] who fail to comply with the government's directives.

Section 79 of the IT Act, which deals with intermediaries' exemption from liability in certain cases, too, was upheld.

With R. Prasanan, Mini P. Thoma, Ajay Uprety, Lakshmi Subramanian, Rabi Banerjee and Sharmista Chaudhury

For more details visit https://cis-india.org/internet-governance/news/the-week-march-28-2015-soni-mishra-66a-dead-long-live-66a

66A ‘cut & paste job’

praskrishna — 2012-12-11T05:43:50Z

The controversial Section 66A of the Information Technology Act has borrowed words out of context from British and American laws, according to lawyers here who are calling it a “poor cut-and-paste job”.

GS Mudur's article was published in the Telegraph on December 3, 2012. Pranesh Prakash and Snehashish Ghosh are quoted.

Section 66A, passed by Parliament in December 2008, draws on laws passed in the UK in 1988 and 2003 and the US in 1996. But some lawyers say that, unlike 66A, those foreign laws impose only reasonable restrictions on freedom of speech.

"The text of 66A seems to be the result of a cut-and-paste job done without applying the mind," said Snehashish Ghosh, a lawyer with the Centre for Internet and Society (CIS), a non-government organisation in Bangalore.

Some of the language in Section 66A is taken from Britain’s Malicious Communications Act (MCA) of 1988, which begins with the words: "Any person who sends to another person...."

This provision in MCA 1988, Ghosh said, is intended to curb malicious messages from one person to another. "It does not cover a post on a social website or an electronic communication broadcast to the world."

Section 66A has also borrowed words from Britain’s Communications Act of 2003 which, Ghosh said, is intended to prevent abuse of public communication services and does not directly deal with messages sent by individuals.

Government officials have said that 66A has also plucked language from the US Telecommunications Act of 1996.

This was a landmark legislation that overhauled America’s telecommunication law by taking into account the emergence of the Internet and changing communications technologies. Among other things, it made illegal the transmission of obscene or indecent material to minors via computers.

"Section 66A in its current form fails to define a specific category (context) as defined in the laws from where it has borrowed words," Ghosh said. "This is what has led to its inconsistent and arbitrary applications."

Ghosh and his colleagues say that 66A, through an "absurd" combination of borrowed and ambiguous language, curbs freedom of expression and threatens people with three years’ imprisonment for certain offences that would otherwise, under existing Indian Penal Code (IPC) provisions, draw a fine of only Rs 200.

Section 66A(b), for example, clubs together the offences of persistently repeated communications that might lead to "annoyance", "inconvenience", "danger", "insult", "injury", "criminal intimidation", "enmity", "hatred", and "ill-will".

This is "astounding and unparalleled", said Pranesh Prakash, policy director at the CIS, who has posted an analysis of Section 66A on the NGO’s institutional blog.

"We do not have such a provision anywhere but in India’s information technology law."

This is “akin to... providing equal punishment for calling someone a moron (insult) and threatening to kill someone (criminal intimidation),” Prakash wrote in the blog, where he has listed existing IPC provisions that can deal with the offences that 66A seeks to cover.

Lawyers have also questioned 66A’s effect of criminalising what the existing IPC would label as civil offences. For example, Prakash said, while the punishment under IPC for criminal nuisance is Rs 200, the penalty imposed by 66A is jail for up to three years.

Several sections in the IPC, they said, can effectively address offences that 66A attempts to address exclusively for electronic communications. For example, the IPC has sections for defamation (499 and 500), outraging religious sentiments (295) and obscenity (292).

"We do not require extraordinary laws when existing laws suffice," Ghosh said.

For more details visit https://cis-india.org/news/telegraphindia-december-3-2012-gs-mudur-66a-cut-and-paste-job

26th AMIC Annual Conference – India 2018

Admin — 2018-06-26T01:58:28Z

The 26th AMIC annual conference on the theme Disturbing Asian Millennials: Some Creative Responses was organized by Manipal Academy of Higher Education (MAHE) at Fortune Inn Valley View, Manipal in Karnataka from June 7 - 9, 2018. Swaraj Paul Barooah was a speaker.

Read the agenda and other details here An article announcing the event by Kevin Mendonsa was published in the Times of India on June 5, 2018.

Understanding the Asia Pacific Millennials

Millennials, the 16‐34 year‐olds, make up the majority of the total population of many Asia Pacific countries. It is estimated that there are about 606 million millennials in the Asia‐Pacific region.

While millennials make up a homogenous group in terms of age cluster, they can be categorized as either non‐affluent or affluent with the latter outnumbering as they account for 82 percent of all millennials in the region.[1]

Another reality is that these millennials are located in a geographically and culturally diverse setting.

Current and emerging socioeconomic and political realities are “disturbing” the millennials just as they have the capacity to disturb society.

Globalization, migration, and technology are some of the major factors that are redefining millennials way of life. They are digital natives who do not only “consume” media but prefer creating their own content. Technology (read: smart mobiles) is not a tool but the air they breathe. Social networking is an essential prerequisite to be connected. A major fear is to be a FOLO – Fear of Life Offline. Erstwhile, fear was to be a FOMO – Fear of Missing Out.

Preserving the status quo or being a mere passive spectator is out of the question as their lifestyle and work style is ruled by engagement, creativity, innovation, and change.

Millennials are into multitasking for several reasons but primarily to earn as much from as many revenue sources to be able to purchase their wants (and needs). Multitasking is also a means for creative expression –which they have plenty. From multitasking, they are now evolving into being multi‐hyphenate, e.g., a young professional writer, artist, and entrepreneur rolled into one.

How do millennials disturb society? Their being independent (if not self‐absorbed or “me culture”) makes them in‐charge of their future. They demand new careers (or even create their own) as they find many existing disciplines and professions as very traditional. The competencies earned in school are mere inputs to redesigning new careers. The school is just one of the many learning hubs.

Disturbing does not refer only to a negative disruption but also to a movement needed to rebuild a broken or unsettled society. We must disrupt in order to rebuild!

Are we disturbing our millennials giving them the environment conducive to change? Or are we just distracting them from releasing their energy?

We are “distracting” our millennials if we insist on enforcing inflexible rules, offering traditional (read: archaic) programs, setting or measuring standards and practices based on obsolete measures, feeding them with alternative truths (facts), and not giving value to arts and humanities (which has found renewal among our young people).

True to form, millennials can initiate and lead if the existing systems are unable to “deliver” what are needed to rebuild a society they envision.

Disturbing Asian Millennials: Some Creative Responses will examine the disruptions affecting our millennials and how these young people are creatively responding to or coping with disruptive changes and challenges. The conference will also crowdsource from them ideas and strategies in creating and building an alternative or desired Asian community.

Forum Objectives

The forum provides a platform to achieve the following:

Understand the millennial mindset and behavior especially their career goals and plans;

Describe the unique communication behaviors, patterns, and tools of millennials andthe messages which resonate to them

Share lessons and experiences on how millennials creatively and critically respond todisruptions;

Examine communication strategies which work for the young generation; and

Crowdsource recommendations from millennials on what constitutes an ideal advancedcommunication program highlighting 21st century competencies and skills.

For more details visit https://cis-india.org/internet-governance/26th-amic-annual-conference-2013-india-2018

25 Indians to watch

praskrishna — 2012-11-30T04:46:38Z

From a political scion and an attacking batsman to a crusading web entrepreneur and a ‘Potato Prince’, these are India’s rising stars.

The article was published in the FT Magazine on November 16, 2012. Sunil Abraham is one among the 25 rising Indian stars to watch out for.

Politics

	Priyanka Gandhi Vadra The charismatic scion of India’s pre-eminent political dynasty has shied away from the family business, preferring to raise her children and study Buddhism. But her election-time appearances for mother, Sonia, and brother, Rahul – and her resemblance to her grandmother, former prime minister Indira Gandhi – keep Indians tantalised over a potential entry into full-time political life.

Priyanka Gandhi Vadra

The charismatic scion of India’s pre-eminent political dynasty has shied away from the family business, preferring to raise her children and study Buddhism. But her election-time appearances for mother, Sonia, and brother, Rahul – and her resemblance to her grandmother, former prime minister Indira Gandhi – keep Indians tantalised over a potential entry into full-time political life.

Arvind Kejriwal

A former tax inspector turned right-to-information activist, he was the driving force behind India Against Corruption, last year’s campaign for a new anti-graft law. Aiming to tap middle-class disillusionment with existing political parties, he is now forming his own.

Nitish Kumar

Chief minister of Bihar since 2005, this veteran socialist politician has brought economic growth, law and order and hope to what was one of India’s poorest, most-backward and worst-governed states. His humble persona combined with a strong track record on development mean that many see him as a potential future prime minister in a coalition government.

Anurag Thakur

Former cricketer and BJP member of parliament since 2008, Thakur’s ascent through the party’s ranks to the presidency of BJP’s youth wing put him in the spotlight in 2012. The BJP is said to be grooming him to take on Rahul Gandhi of the Congress party, particularly since Varun Gandhi, another scion within the BJP’s fold, has proved rather ineffective.

Sports

No one can replace Sachin Tendulkar, but the arrival of this dashing young batsman has softened the blow of the great cricketer’s impending retirement. With Bollywood looks to match his bold stroke play, the 24-year-old Kohli helped his cricket-mad country win last year’s World Cup – and raised hopes of more to come.

Saina Nehwal

This small-town girl from the northern state of Haryana is a formidable youth icon. Her many international titles have changed the face of Indian badminton and a bronze medal at the London Olympics this year raised hopes for Rio 2016. Will she be able to break through the Chinese wall?

Entertainment

Anurag Kashyap

India’s answer to Quentin Tarantino, Kashyap makes gritty, personal films about the country’s underbelly: terrorist attacks in Mumbai for Black Friday; drug use and prostitution in Dev D; and eastern India’s brutal coal mafia in this year’s two-part epic Gangs of Wasseypur. He cut his teeth writing Water, Canadian director Deepa Mehta’s Oscar-nominated film, among others.

Sneha Khanwalkar

A film composer who eschews the usual Bollywood penchant for cheesy pop, Khanwalkar favours “found sound”, which she gathers by travelling the Indian countryside and picking up on obscure – and not-so-obscure – folk traditions. She hosts MTV’s Sound Trippin, in which she recreates that experience for viewers more used to Celebrity Big Brother knock-offs. Not yet 30, Khanwalkar already claims two of the best modern Bollywood scores, for 2008’s Oye Lucky! Lucky Oye! and Gangs of Wasseypur.

	India’s greatest graphic novelist, whose project “Gallery of Losers” was shown on billboards across London during the Olympics. A Goldsmiths college graduate, his books – 2004’s Corridor and 2007’s The Barn Owl’s Wondrous Capers – detail alienation in both modern and old India and have set the standard for a burgeoning art form on the subcontinent.

Irrfan Khan

In a sea of “heroes” – as Bollywood’s buffed-up supermen are called – Khan stands out as an actor. A master of subtlety and character, he has found crossover success in Hollywood in films including Slumdog Millionaire (he played the cop), A Mighty Heart (with Angelina Jolie) and The Amazing Spider-Man. Up next is a role in Ang Lee’s adaptation of the Man Booker prize-winning Life of Pi.

Rohini Devasher

A painter and printmaker trained in New Delhi and the UK, Deveshar uses printmaking and video to explore the rhythms of growth in the natural world, and their digital echoes. Her work, shown widely at home and internationally, stands at the intersection of art and science and is influenced by her passion for astronomy.

Gauri Shinde A director of more than 100 advertising films for major Indian brands, Shinde put her focus on the big screen this year with her writing and directorial debut, English Vinglish, a blockbuster hit about the massive social fault line in India between those who speak English and those who don’t.

Gauri Shinde

A director of more than 100 advertising films for major Indian brands, Shinde put her focus on the big screen this year with her writing and directorial debut, English Vinglish, a blockbuster hit about the massive social fault line in India between those who speak English and those who don’t.

Social/Academia

Gita Gopinath

One of the youngest women to win a tenured economics professorship at Harvard, Gopinath uses complex maths to probe one of the world’s most pressing problems: how to solve sovereign debt crises. Still only 40, she appears frequently as a commentator back home, calling for a radical overhaul of her own government’s increasingly precarious financial position.

Sunil Abraham

India’s government has developed a worrying taste for internet censorship, making plenty of work for one of the country’s most respected online civil advocates. Head of the Centre for Internet and Society, Abraham is trying to wean New Delhi off its taste for crackdowns in India’s fast-growing corner of cyberspace.

Manoj Kumar

The Naandi Foundation CEO has persuaded big Indian corporations to support programmes that battle hunger and the maltreatment of girls, raise educational standards and provide sustainable livelihoods. His Midday Meal programme feeds 1.2 million each day; and its experiments with social enterprises make it one of India’s most innovative charities.

Abhijit Banerjee A development economist at MIT and author of Poor Economics, Banerjee carries out randomised-control field trials to cut through propaganda and evaluate the real impact of programmes to help the poor.

Abhijit Banerjee

A development economist at MIT and author of Poor Economics, Banerjee carries out randomised-control field trials to cut through propaganda and evaluate the real impact of programmes to help the poor.

Susmita Mohanty

Literally a rocket scientist. A protégé of Arthur C. Clarke, with stints at Nasa and Boeing, Mohanty was the youngest ever member of the International Academy of Astronautics. She’s now an aerospace entrepreneur. Her company, Earth2Orbit, recently launched its first client satellite.

Swati Ramanathan

Could online confessions help to stop India’s corruption crisis? This thought inspired www.ipaidabribe.com, a site where those forced to pay up can tell their stories anonymously. Established as part of the Janaagraha initiative that Ramanathan co-founded to improve life in Indian cities, the project has spawned imitators in half a dozen countries.

Business

Binny Bansal

As co-CEO of Flipkart.com – the “Amazon of India” – along with Sachin Bansal (no relation), he has turned a Bangalore-based start-up into the country’s most exciting e-commerce business. They have won millions in venture funding and a loyal urban customer base by speedily delivering everything from books to kitchenware.

Phanindra “Phani” Sama

India’s buses are booming, as travel demand rockets but rail capacity stays stuck. Those seeking tickets online are most likely to do so through RedBus. Dreamt up when he couldn’t get tickets for a trip, Sama’s site stitches together the country’s disorganised bus system, and saw its 32-year-old founder sell his 10 millionth ticket this year.

	Bringing new insights to a stuffy 115-year-old Indian conglomerate isn’t easy, nor is being an openly gay man in India’s still-traditional business culture – but Parmesh Shahani manages both, in his role as the founder and head of an ideas and innovation laboratory within the $3.3bn Mumbai-based Godrej group.

Anurag Behar

Engineer and former CEO of Wipro Infrastructure Engineering – a sister company of software giant Wipro – he has previously run the group’s charitable initiatives in education. Now Wipro’s chief sustainability officer, he is driving diversifications into water and clean energy, part of a new company focus.

Cyrus Mistry The man with the biggest shoes to fill in corporate India takes the reins at Tata in late December, replacing Ratan Tata, a man viewed as close to a living saint. The first non-Tata family member to run the nation’s most important business, he faces plenty of questions about how – and whether – to continue his predecessor’s dash for global growth.

Cyrus Mistry

The man with the biggest shoes to fill in corporate India takes the reins at Tata in late December, replacing Ratan Tata, a man viewed as close to a living saint. The first non-Tata family member to run the nation’s most important business, he faces plenty of questions about how – and whether – to continue his predecessor’s dash for global growth.

Roshni Nadar Malhotra

The CEO and executive director of the $5bn Indian IT giant HCL Corporation successfully combines business, social enterprise and philanthropy. Malhotra is the driving force behind Shiv Nadar Foundation’s VidyaGyan Schools in Uttar Pradesh, providing free education to children from poor, rural families.

Jang Bahadur Singh Sangha

Known as the “Potato Prince”, Sangha oversees one of India’s largest and most modern farming operations – and has demonstrated the transformative impact of technology in a country of small-scale subsistence farms. Armed with a master’s degree in plant pathology, he has made modern farming profitable – and almost cool.

For more details visit https://cis-india.org/news/ft-magazine-nov-16-2012-25-indians-to-watch

22 nieuwe leden voor Partnership on AI

praskrishna — 2017-05-19T06:54:20Z

Partnership on AI, een non-profit organisatie ter bevordering van het algemeen begrip van kunstmatige intelligentie en de ontwikkeling van best practices, heeft 22 nieuwe leden aangekondigd.

The news was published by Telecom Paper on May 17, 2017.

Tot de nieuwe leden behoren eBay, Intel, McKinsey & Company, Salesforce, SAP, Sony, Zalando, Cogitai, Allen Institute for Artificial Intelligence, AI Forum of New Zealand, Center for Democracy & Technology, Centre for Internet and Society – India, Data & Society Research Institute, Digital Asia Hub, Electronic Frontier Foundation, Future of Humanity Institute, Future of Privacy Forum, Human Rights Watch, Leverhulme Centre for the Future of Intelligence, UNICEF, Upturn, en de XPRIZE Foundation. Partnership on AI werd vorig jaar september opgericht. Tot de oprichters behoren onder meer Amazon, Facebook, IBM, Microsoft, Google DeepMind en Apple.

For more details visit https://cis-india.org/internet-governance/news/telecom-paper-may-17-2017-22-nieuwe-leden-voor-partnership-on-ai

22 companies join Partnership on AI, begin to study AI's impact on work and society

praskrishna — 2017-05-19T05:26:09Z

The non-profit artificial intelligence organization added new groups into its fold, and announced initiatives on developing AI best practices and harnessing the technology for social good.

The blog post by Alison DeNisco was published in TechRepublic on May 17, 2017.

As artificial intelligence (AI) increasingly enters every part of our lives, from chatbots to self-driving cars to office data analysis programs, questions remain about how this technology will impact our future in terms of jobs, safety, and society.

In September 2016, Facebook, Microsoft, IBM, Amazon, and Google announced the creation of a "Partnership on AI to Benefit People and Society" (Partnership on AI), a nonprofit formed to "study and formulate best practices on AI technologies, to advance the public's understanding of AI, and to serve as an open platform for discussion and engagement about AI and its influences on people and society." Apple joined the partnership as a founding member in January 2017.

On Tuesday, the Partnership on AI shared a blog post with updates on the group's progress. Some 22 new organizations are joining the partnership, and more are expected to join in the future, according to the post. Eight are for-profit partners: eBay, Intel, McKinsey & Company, Salesforce, SAP, Sony, Zalando, and Cogitai.

Meanwhile, 14 are non-profits: The Allen Institute for Artificial Intelligence, AI Forum of New Zealand, Center for Democracy & Technology, Centre for Internet and Society-India, Data & Society Research Institute, Digital Asia Hub, Electronic Frontier Foundation, Future of Humanity Institute, Future of Privacy Forum, Human Rights Watch, Leverhulme Centre for the Future of Intelligence, UNICEF, Upturn, and the XPRIZE Foundation.

"Together with the founding companies and our existing non-profit Partners (AAAI, ACLU, and OpenAI), these new Partners strengthen and broaden our representation, helping to fulfil our goal to build a diverse, balanced, and global set of perspectives on AI," the post stated.

Notable representatives from these organizations include Dr. Hiroaki Kitano, head of Sony Computer Science Laboratories and a world expert on AI robotics and human-AI collaboration, and Chris Fabian of UNICEF's Office of Innovation, who leads a group of technologists who apply machine learning, data science, and AI to societal problems.

Partnership on AI also announced plans to launch a set of initiatives based on its thematic pillars: Safety-critical AI; fair, transparent, and accountable AI; collaboration between people and AI systems; AI, labor, and the economy; social and societal influences of AI; AI and social good; and special initiatives. These early programs will focus on:

Topic-specific and sector-specific Working Groups to research and formulate best practices
The creation of a Civil Society Fellowship program aimed at assisting people at non-profits and NGOs who wish to collaborate on topics in AI and society
The formation of a cross-conference "AI, People, and Society" Best-Paper Award
The start of an AI Grand Challenges series to stimulate aspirational efforts in harnessing AI to address some of the most pressing long-term social and societal issues

The partners will work together to shape each initiative, and the group will share more information about each project soon, according to the blog post. The group also announced that it is in the process of appointing an executive director, who will oversee the organization's day-to-day operations.

Partnership on AI is not the only group examining the impact AI will have on our world. Elon Musk founded an $11 million AI safety program for funding researchers, and Eric Horvitz of Stanford University is leading the One Hundred Year Study on Artificial Intelligence. The White House released two reports in 2016 on preparing for the future of AI, and the effect of AI and automation on the economy. And a US Senate Committee also met last year to discuss the current state of AI, and its potential impact on policy and commerce.

The 3 big takeaways for TechRepublic readers

The nonprofit Partnership on AI, founded by Facebook, Microsoft, IBM, Amazon, Google, and Apple, recently announced that it was adding 22 new organizations to its ranks to research AI and formulate best practices around the technology.
The partnership also announced several initiatives, including working groups to research and create best practices, and a challenge series to inspire people to use AI to address social issues.
Partnership for AI is expected to release more information on each initiative soon, as well as appoint an executive director.

For more details visit https://cis-india.org/internet-governance/news/tech-republic-may-17-2017-22-companies-join-partnership-on-ai

20 years of Google: Privacy, fake news and the future

Admin — 2018-08-30T02:49:06Z

Google once directed you to information. Today, it’s often the source of information, using data you and others have shared, often without you realising it. Public knowledge goes where Google takes it. And 20 years on, not everyone’s happy with the journey.

The article by Rachel Lopez was published in Hindustan Times on August 26, 2018. Pranesh Prakash was quoted.

Happy Birthday, Google. The search engine is 20 this year, and what a ride it’s been! When Sergey Brin and Larry Page were developing software that searched better and loaded faster than Explorer, Navigator and AltaVista, the web itself consisted of just 1 lakh websites.

Google’s mission statement was succinct: To organise the world’s information and make it universally accessible. Their corporate code of conduct was even simpler: Don’t be evil.

Perhaps even Google didn’t realise where its mission would take it. The following decade brought Google News, Gmail, Maps and Chrome. By 2014, the internet had grown to 1 billion websites. The search engine, their core product, had become the default homepage of the Internet.

In May this year, Google quietly dropped the ‘Don’t be evil’ tag. The same month, its Android operating system crossed 2 billion monthly active devices. Seven products (including YouTube and Google Play) now reach a combined 1 billion users.

Google once directed you to information. Today, it’s often the source of information (in ads and top-of-the-page blocs), using data you and others have shared, often without you realising it. Public knowledge goes where Google takes it. And 20 years on, not everyone’s happy with the journey.

“The key concern is that Google has grown so big,” says Pranesh Prakash, policy director at Bangalore’s Centre for Internet & Society. “It’s like the classic line from [Spiderman’s] Uncle Ben: With great power comes great responsibility. In Google’s case, its great size is what brought great power to begin with.”

For billions of Google users, the biggest concerns are now of privacy and accountability, says Nikhil Pahwa, founder of Medianama, which analyses digital and telecom businesses. “There are few checks on Google’s ability to take, retain and process information from users,” he says.

Hits and misses

For Google, all is going according to plan. Its search engine is now smart enough to complete your sentences. It’s learning constantly from what you search for, watch, spend on, share and regret; it knows your commute and your vacation plans. And it’s profiting from this knowledge.

In the UK, Google is being sued for bypassing iPhone privacy settings to track and collect data from 4.4 million users in 2011 and 2012. Information on race, physical and mental health, political leanings, sexuality, shopping habits and locations was apparently used to build advertising categories. Google also creates products for the US government, and has user data from around the world. “Any entity that has this much insight into us, and is in a position to use it, whether for the government or commercial gain, is cause for worry,” says Prakash. Most users aren’t worried, and that’s worrying too. We don’t realise how much data is being tracked or collected. The more we share, the more useful Google gets, and the greater its potential for misuse, for mapping say, beef-eaters, online dissenters, LGBT supporters or single women who work late.

The Internet’s other giant, Facebook, recently suspended 400 apps over privacy concerns, admitting that 87 million users may have had data compromised in 2016. Meanwhile, even non-Google apps are capable of hijacking data using software developed by Google. Weather apps look at your photo gallery, ride-sharing software keep tracking you after the ride, games are checking out your texts as you play. Gmail knows your flight timings, how many steps you’ve walked, and your last bank transaction.

Search for tomorrow

Perhaps the biggest concerns are with Google’s artificial intelligence technology, the brand’s great leap forward fuelled by its massive data reserves. The tech is already being criticised for being fed biased data, creating global services that mirror the prejudices of an insular, mostly white, mostly male, tech industry.

Sara Wachter-Boettcher, author of Technically Wrong, which looks at how technology reflects sexism and the biases of the people that create it, says this creates problems. “Google develops tools that other tech companies rely on to build other products,” she says. So its biases spread to other products too. As machines learn, Google is starting to unlearn too.

“Machine unlearning is basically recognising when a machine has learned something inaccurate, or biased, and then erasing that learning,” says Wachter-Boettcher. In Africa, the company (along with Facebook) now funds a Masters course in machine intelligence to improve the industry’s diversity. Last year, Google took its first steps to curb fake news hits on its search engines with tools that allow users to report misleading or offensive content.

But perhaps it’s time to work towards a future in which Google will be monitored in real time, in different countries, rather than depending on the company to offer a fix after a misstep. Prakash believes that the way forward is reimagining an Internet where Google isn’t the first and last word on everything. “This doesn’t mean more companies like Google but searching that happens in a more decentralised way,” he says. “We need to save the web from large monopolies in the long run.”

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-rachel-lopez-august-26-2018-20-years-of-google-privacy-fake-news-and-future

13 crore Aadhaar numbers on four government websites compromised: Report

praskrishna — 2017-05-03T15:19:52Z

The lack of information security practices in key government websites which hosts Personally Identifiable Information (PII) has left citizens of the country more vulnerable to identity theft and financial fraud, a research paper has argued.

The article by Akram Mohammed was published by the New Indian Express on May 2, 2017.

A paper by Amber Sinha and Srinivas Kodali of Centre for Internet and Society analysed four government websites and found that more than 13 crore Aadhaar numbers with related PII were available on the websites, exposing lax security features.

The paper published under Creative Commons is titled ‘Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information’ and was released on Monday.

Sinha and Kodali looked at databases on four government portals -- National Social Assistance Programme, National Rural Employment Guarantee Scheme, Chandranna Bima Scheme, Govt. of Andhra Pradesh and Daily Online Payment Reports website of NREGA, Govt. of Andhra Pradesh.

“We chose major government programmes that use Aadhaar for payments and banking transactions. We found sensitive and personal data and information accessible on these portals,” the report said.

Leaked through portals

“Based on the numbers available on the websites, estimated number of Aadhaar numbers leaked through these 4 portals could be around 130-135 million and the number of bank account numbers leaked at around 100 million.

While these numbers are only from two major government programmes of pensions and rural employment schemes, other major schemes, that have also used Aadhaar for DBT, could have leaked PII similarly due to lack of information security practices,” it said.

They fear that data of over 23 crore beneficiaries under DBT of LPG subsidies could be leaked also. Identity theft and financial fraud “risks increase multifold in India...,” they said.

Aadhaar payments unsafe

In case a financial fraud takes place through Aadhaar enabled Payment System (AePS), the consumer may not be able to assert his claims for compensation due to the terms and conditions around liabilities.

“These terms force the consumer to take liabilities onto oneself than the payment provider..... Regulations and standards around Aadhaar are at a very early and nascent stage causing (an) increase in financial risk for both consumers and banks to venture into AePS,” they added. The authors also pulled up UIDAI for their inability in providing strong legislation against such leaks.

Leaky govt portals

National Social Assistance Programme

PII available - Access to Aadhaar no., name, bank account number, account frozen status 94,32,605 bank accounts linked with Aadhaar

14,98,919 post office accounts linked with Aadhaar numbers.

Though total Aadhaar number is 1,56,42,083, not all are linked to bank accounts

NREGA

PII Details available: Job card no., Aadhaar number, bank/postal account number, no. of days worked, registration no., account frozen status

78,74,315 post office accounts of individual workers seeded with Aadhaar numbers,

8,24,22,161 bank accounts of individual workers with Aadhaar numbers.

10,96,41,502 total number of Aadhaar numbers stored by portal

Other websites

Chandranna Bima Scheme, Govt. of Andhra Pradesh

Daily Online Payment Reports website of NREGA, Govt. of Andhra Pradesh

For more details visit https://cis-india.org/internet-governance/news/new-indian-express-may-2-2017-akram-mohammed-13-crore-aadhaar-numbers-on-four-government-websites-compromised